Supporting extra config files for k8s components #7911

Closed
Tracked by #7561
frezbo opened this issue Oct 31, 2023 · 4 comments · Fixed by #7942 or #7951

Member

frezbo commented Oct 31, 2023

Feature Request

Kubelet, API server, Kube scheduler etc require extra config files to be passed in as arguments for advanced tweaking. Currently Talos lacks an easy way to configure them. See:

Proposal

Support something in the order of extraConfigFiles for the components. Eg:

machine:
  kubelet:
    extraConfigFiles:
      - name: credentialproviderconfig.yaml
        value:
          apiVersion: kubelet.config.k8s.io/v1
          kind: CredentialProviderConfig

The value can be any valid yaml and Talos will not validate the schema.

Talos can write these files to the /etc/kubernetes/<component-name>.d/ directory, fully managed by the configuration in the machine config.

These folders would be mounted by default by Talos to the corresponding components. The user would still have to pass in extraArgs/extraConfig to use these files.

Member

smira commented Oct 31, 2023

I think we should avoid /etc/kubernetes as it is backed by /var via overlay mount... much better place will be under /system with other config files we already generate. We can still mount it into the container as /etc/kubernetes/<something>

Member Author

frezbo commented Oct 31, 2023

> I think we should avoid /etc/kubernetes as it is backed by /var via overlay mount... much better place will be under /system with other config files we already generate. We can still mount it into the container as /etc/kubernetes/<something>

kubelet.conf is already under /var right? and since we deterministically generate those, shouldn't it be okay?

Member

smira commented Oct 31, 2023

I don't like the fact that we leave some files in /var for no reason. kubelet.conf is there for historical reasons, plus kubelet keeps its own state there. But we shouldn't put new stuff there if there's no reason to do so.

We don't need these files to persist reboots, we don't even need /var for them at all, so why put them there, if we could better handle them in a tmpfs location we own completely?

Member Author

frezbo commented Oct 31, 2023

> We don't need these files to persist reboots, we don't even need /var for them at all, so why put them there, if we could better handle them in a tmpfs location we own completely?

that makes sense 👍
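
The flow proposed in this thread (user-named files written to a per-component `.d` directory that is fully managed from the machine config, under a location the writer owns), sketched as an added example. It is not Talos code: `SyncExtraFiles`, `bareName` and the `demo-kubelet` component name are hypothetical, and values are passed as already-serialized YAML.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

func bareName(s string) bool { // true only for a single path element
	return s == filepath.Base(s) && s != "." && s != ".." && s != "/"
}

// SyncExtraFiles makes <root>/<component>.d hold exactly files (name -> serialized YAML).
// Assumption: root is a location the caller owns completely, such as a tmpfs.
func SyncExtraFiles(root, component string, files map[string][]byte) (string, error) {
	if !bareName(component) {
		return "", fmt.Errorf("invalid component name %q", component)
	}
	for name := range files { // validate every name before touching the disk
		if !bareName(name) {
			return "", fmt.Errorf("invalid file name %q", name)
		}
	}
	dir := filepath.Join(root, component+".d")
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	for name, value := range files {
		if err := os.WriteFile(filepath.Join(dir, name), value, 0o600); err != nil {
			return "", err
		}
	}
	entries, err := os.ReadDir(dir)
	if err != nil {
		return "", err
	}
	for _, e := range entries { // "fully managed": drop files no longer in the config
		if _, keep := files[e.Name()]; !keep {
			if err := os.RemoveAll(filepath.Join(dir, e.Name())); err != nil {
				return "", err
			}
		}
	}
	return dir, nil
}

func main() { // constructed sample entry, written under the OS temp directory
	fmt.Println(SyncExtraFiles(os.TempDir(), "demo-kubelet", map[string][]byte{"cred.yaml": []byte("kind: CredentialProviderConfig\n")}))
}
```

Because the value is opaque to the writer, the name check is the only thing keeping an entry inside the component's directory, so it runs for every entry before anything is written.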

frezbo added a commit to frezbo/talos that referenced this issue Nov 9, 2023
Support configuring kubelet credential provider config.

Partially fixes: siderolabs#7911

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Nov 10, 2023
Support configuring kubelet credential provider config.

Partially fixes: siderolabs#7911

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Nov 13, 2023
Support configuring kubelet credential provider config.

Partially fixes: siderolabs#7911

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Nov 13, 2023
Support kube-scheduler config.

Fixes: siderolabs#7905
Partially fixes: siderolabs#7911

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Nov 14, 2023
Support kube-scheduler config.

Fixes: siderolabs#7905
Partially fixes: siderolabs#7911

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Nov 15, 2023
Support kube-scheduler config.

Fixes: siderolabs#7905
Partially fixes: siderolabs#7911

Signed-off-by: Noel Georgi <git@frezbo.dev>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 9, 2024